maravis.com

I just read an article in SC Magazine that says that some vendors are calling for a logo that can be displayed by PCI compliant companies. The idea is that being compliant can be used as a marketing tool and that a lot of companies are not able to communicate the impact of being compliant properly. If they had a logo on their website, people will know right away.

Almost all the major data breaches that have happened in the last 2 years have involved companies that were supposed to be PCI compliant. If being compliant meant that they were secure, then how could they have been breached?

Authentication is an important component of security. Almost every web application published on the internet uses some authentication to identify a user as a valid user, authorized to use the application. A user may have to remember so many passwords and use them on a regular basis that they can get confused. What if an application can identify you automatically, based on your computer (or any other device)?